Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7512 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. | |||||
CVE-2020-7504 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent. | |||||
CVE-2020-7503 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted. | |||||
CVE-2020-7508 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. |